Re: HTTP based trojans

From: s.wun (s.wun@thales-is.com.hk)
Date: 11/06/02


From: "s.wun" <s.wun@thales-is.com.hk>
To: <AQBARROS@BKB.com.br>, <focus-ids@securityfocus.com>
Date: Wed, 6 Nov 2002 11:26:34 +0800

Hi,

What other open-source tool do you use to detect this attack?

Sam.
----- Original Message -----
From: <AQBARROS@BKB.com.br>
To: <focus-ids@securityfocus.com>
Sent: Thursday, October 31, 2002 8:46 PM
Subject: HTTP based trojans

> As I saw on the last messages about detecting trojans through flow-based
> analysis, I thought if someone already made anything to detect trojans that
> use Internet Explorer controls to communicate with the client, even on
> networks that allow only proxied (even authenticated) http connections. Did
> anyone try to do such kind of thing?
>
> Regards,
>
>
> Augusto.


